Kaspersky Reveals How Cyber Attackers’ Mistakes Can Be Traced Back to Them

The small clues that attackers leave behind through their errors are vital for attribution and can provide valuable intelligence on the people behind a cyber espionage attack. Over the past 10 years, Kaspersky Lab’s researchers have been tracking advanced cyber espionage operations that originate in and target Asia Pacific countries, analysing the attackers’ careless mistakes.

For example, a threat actor known as Dropping Elephant, which was most likely operating from India, targeted high-profile diplomatic and economic entities in countries including Australia, China, Bangladesh, Taiwan and more. Clues revealed traces of three individuals, one of whom carelessly disclosed a personal document that led Kaspersky Lab researchers to track down the people behind Dropping Elephant.

Apart from that, Kaspersky Lab also published a report on Naikon APT, which has been tracking geo-political intelligence in countries around the South China Sea for over half a decade. Later that year, an alleged connection discovered by ThreatConnect researchers showed that a domain name used in Naikon APT was found across several social media accounts. This also led to more than 700 posts and 500 photos that allowed the researchers to track down the attacker’s real location and work address.

Some of the information revealed from the mistakes and clues that led towards the individuals involved in cyber espionage includes:

Apparent military connections

Organisations engaged in undercover threat activity for State Security

Private companies offering intelligence services

Cyber espionage campaigns that consist of a variety of people with different skills, roles and responsibilities

Noushin Shabab, Senior Security Researcher, says: “Once we have all the necessary pieces of the puzzle from the clues and careless mistakes, we share evidence with fellow experts to be able to know the spies behind an attack, their main objectives and techniques. All the information gathered through investigating targeted attacks helps us discover the truths and the myths of cyber espionage in the Asia Pacific region.”
